Making kwallet more secure
nf2
nf2 at scheinwelt.at
Sat Aug 23 12:26:20 BST 2008
Michael Leupold wrote:
> - Make kwallet use p2p d-bus. Actually I'm not sure if that would work because
> I couldn't find enough information about that matter. If I create a new bus
> bypassing the daemon, couldn't other processes still connect to it as well?
Well - i think p2p d-bus doesn't really have a "bus". It's just a socket
connections talking the d-bus protocol. So nobody else can eavesdrop them.
I think you would need to create a DBusServer:
dbus_server_listen()
And once a client connects call
dbus_connection_get_unix_process_id()
and look up the absolute path of the calling application to store in the
ACL (or to show in the dialog) using something like the code in
http://svn.gnome.org/viewvc/gnome-keyring/trunk/common/gkr-daemon-util.c
--> gkr_daemon_client_set_current()
because this doesn't work on non-unix platforms, the client should
probably always send its path but with daemon-side validation only
enabled on unixes.
Cheers,
Norbert
More information about the kde-core-devel
mailing list